Apache-AxKit-Plugin-Session
lib/AxKit/XSP/Auth.pm view on Meta::CPAN
$subr->pnotes('SESSION',$session);
my $type = $subr->auth_type || 'Apache::AxKit::Plugin::Session';
my @set = @{($type->get_permission_set($subr)) || []};
foreach my $perm (@{$_{'permission'} || []}) {
@set = grep { !perm_equals($_,AxKit::XSP::Auth::struct2perm($perm)) } @set;
}
$type->set_permission_set($subr,@set);
EOC
}
# XSP expression tag <random-password>. Returns the Perl source that the
# taglib splices into the page: a call to Crypt::GeneratePassword::word()
# built from the tag's attributes or child elements.
#   minlen, maxlen - coerced with int(); each falls back to 7 when absent or 0
#   lang           - passed through unchanged
#   signs          - coerced with int()
#   numbers        - coerced with int() when defined, otherwise 2
# The POD in this file describes a 6-character password; the defaults here
# are 7 for both bounds.
# NOTE(review): the randomness source is whatever Crypt::GeneratePassword
# uses internally - confirm it is adequate before treating the result as
# more than a temporary password that the user must change.
sub random_password : XSP_expr XSP_attribOrChild(lang,signs,numbers,minlen,maxlen)
{
    my $generated_call = q{Crypt::GeneratePassword::word(int($attr_minlen)||7,int($attr_maxlen)||7,$attr_lang,int($attr_signs),(defined $attr_numbers?int($attr_numbers):2))};

    return $generated_call;
}
# This may not work on win32 nor with crypt() implementations without
# MD5 support. Considered experimental for that reason.
# XSP expression tag <encrypt-password>. Returns the Perl source for a
# crypt() call over $_ with a salt obtained from
# AxKit::XSP::Auth::makeSalt(). XSP_captureContent is declared, so $_
# presumably holds the tag's text content - confirm against SimpleTaglib.
# NOTE(review): makeSalt() is not shown here. The comment above this sub
# points at an MD5-based crypt() scheme, which is weak for password storage
# by current standards; check which scheme the salt selects and whether the
# platform's crypt() offers a stronger one.
sub encrypt_password : XSP_captureContent XSP_expr
{
    my $hash_expr = q{crypt($_,AxKit::XSP::Auth::makeSalt())};

    return $hash_expr;
}
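# XSP expression tag <password-matches>. Returns the Perl source of an
# expression that evaluates to 1 when the cleartext password hashes to the
# stored value, and to 0 otherwise.
#   clear     - cleartext candidate, from an attribute or child element
#   encrypted - stored crypt() hash; it doubles as the salt argument, so
#               crypt() re-derives the scheme and salt from it
# The cleartext is tested with defined()/length() rather than plain
# truthiness: the string "0" is a legitimate password and must not be
# rejected before crypt() runs. An undefined or empty cleartext, or a
# missing stored hash, still yields 0.
# The comparison is a plain string eq on the two hashes.
sub password_matches : XSP_attribOrChild(clear,encrypted) XSP_expr
{
    return << 'EOF';
(defined($attr_clear) && length($attr_clear) && $attr_encrypted && crypt($attr_clear,$attr_encrypted) eq $attr_encrypted?1:0);
EOF
}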
# XSP expression tag <get-reason>. Returns the Perl source that resolves
# the auth handler class - the request's auth_type, or
# "Apache::AxKit::Plugin::Session" when that is false - and calls its
# get_reason() class method. The generated code turns off strict refs
# because the class name is held in a string.
sub get_reason : XSP_expr
{
    my $reason_expr = q{my $auth_type = $r->auth_type || "Apache::AxKit::Plugin::Session"; no strict "refs"; $auth_type->get_reason();};

    return $reason_expr;
}
lib/AxKit/XSP/Auth.pm view on Meta::CPAN
AxAddXSPTaglib AxKit::XSP::Auth
You must add the Session taglib as well, and if you plan to use <login>, then
also the Globals taglib.
=head1 DESCRIPTION
The XSP session taglib provides authorization management to XSP pages. It
allows you to view, check and modify access permissions for users (logging
in and out) and the effective permissions of an object (file, directory or
subtarget). Moreover, it provides utilities for password handling.
This taglib works in conjunction with Apache::AxKit::Plugin::Session,
which does all the hard work. There are several configuration variants
available, see the man page for details.
=head2 Authorization Scheme
Users are authorized via their associated session object. The session object
may contain varying authorization information. This is in contrast to most other
schemes where a user has a fixed, static set of access permissions. You can easily
lib/AxKit/XSP/Auth.pm view on Meta::CPAN
This tag checks if the current user is allowed to access a resource. It takes a target
specification like get-permission. It returns 1 or 0.
=head3 C<<check-permission>>
This tag checks if the current user is allowed to access a resource and aborts the current
page if not. It takes a target specification like get-permission and a reason code and
message list like deny-permission.
=head3 C<<random-password>>
This tag returns a random password suitable for sending to users. It consists of
6 letters or digits, both upper and lower case. There are some checks made to make
sure it doesn't contain an offensive word.
=head3 C<<encrypt-password>>
This tag encrypts its contents as a password and inserts the result.
=head3 C<<password-matches>>
This tag checks if a password matches an encrypted password. Pass the passwords in child
tags or attributes named 'clear' and 'encrypted'. Returns 1 or 0.
=head3 C<<get-reason>>
This tag returns a symbolic value which describes the last auth error. This can be used
to explain a forced logout to the user (session expired, IP address mismatch, or others).
There is currently no list of possible error codes. An empty value means "no error". An unknown
error most likely results in 'bad_session_provided'.
=head3 C<<get-location>>
xmlns:session="http://www.apache.org/1999/XSP/Session"
xmlns:auth="http://www.creITve.de/2002/XSP/Auth"
xmlns:rsddl="http://www.creITve.de/2002/RSDDL"
xmlns:esql="http://apache.org/xsp/SQL/v2"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns="http://www.w3.org/1999/xhtml"
>
<html>
<xsp:logic>
<!-- fill in your favourite form checking code here -->
<!-- Demo only: the single account below is hard-coded in the page. A real
     page would look up the user and the stored hash in its own user store. -->
<!-- True only when both fields arrived with values Perl treats as true. -->
my $form_complete = ($cgi->param('username') and $cgi->param('password'));
my $form_username = $cgi->param('username');
my $form_password = $cgi->param('password');
my $correct_username = 'test';
<!-- Stored hash in crypt() format; the "$1$" prefix marks the MD5-based
     scheme. Its cleartext is given in the trailing comment, so this value
     must never be reused outside the example. -->
my $crypted_password = '$1$abcdefgh$irWbblnpmw.5z7wgBnprh0'; # == test
<!-- Access level and group list granted to the user at login further down. -->
my $level = 42;
my @groups = ('test','foo','bar');
<!-- - - - - - - - - - - - - - - - - - - - - - - - -->
</xsp:logic>
<head>
<title>Login</title>
</head>
<body>
<xsp:logic>
<!-- Page body: greet a logged-in user, otherwise process a submitted login
     form and explain why the login page is being shown. -->
if (<auth:is-logged-in/>) {
<h1>Welcome!</h1>
<p>You are logged on as: <auth:get-access type="user"/></p>
} else {
<h1>Logon</h1>
if ($form_complete) {
<!-- Both the user name and the password check must pass. One message covers
     either failure, so the response does not reveal which of the two was wrong. -->
if ($form_username eq $correct_username and <auth:password-matches>
<auth:clear><xsp:expr>$form_password</xsp:expr></auth:clear>
<auth:encrypted><xsp:expr>$crypted_password</xsp:expr></auth:encrypted>
</auth:password-matches>) {
<!-- Log the user in with the user name, level and one entry per group. -->
<auth:login>
<auth:access type="user"><xsp:expr>$form_username</xsp:expr></auth:access>
<auth:access type="level"><xsp:expr>$level</xsp:expr></auth:access>
<xsp:logic>
foreach my $group (@groups) {
<auth:access type="group"><xsp:expr>$group</xsp:expr></auth:access>
}
</xsp:logic>
</auth:login>
}
}
<!-- NOTE(review): this paragraph sits outside both if blocks above, so it is
     emitted on every pass through this else branch, including a first visit
     with no form data, unless auth:login ends page processing (not visible
     here). Confirm that this is intended. -->
<p>User unknown or wrong password.</p>
}
my $reason = <auth:get-reason/>;
<!-- $dest is read from the 'destination' entry of the Apache::Request object
     (presumably request supplied; confirm), falling back to auth:get-location,
     and is echoed into the hidden form field further down.
     NOTE(review): how the login handler uses this value afterwards is not
     visible here; confirm that it only accepts local targets. -->
my $dest = Apache::Request->instance($r)->{'destination'} || <auth:get-location/>;
<auth:clear-reason/>
<!-- Any reason other than 'bad_session_provided' gets the generic
     registered-users notice; 'bad_session_provided' gets the expiry notice. -->
if ($reason) {
if ($reason ne 'bad_session_provided') {
<p>This area is only available to registered users.</p>
} else {
<p>Your session data has expired. If you are inactive for a certain amount, you are automatically logged out.</p>
}
}
</xsp:logic>
<p>Please log on.</p>
<form method="POST">
<input type="hidden" name="destination">
<xsp:attribute name="value"><xsp:expr>$dest</xsp:expr></xsp:attribute>
</input>
Username: <input type="text" name="username"/><br/>
Password: <input type="password" name="password"/><br/>
</form>
</body>
</html>
</xsp:page>